An information processing device includes: a non-volatile storage; a communication interface; a processor; and a memory. The non-volatile storage is configured to store a private key. The memory stores computer-readable instructions therein. The computer-readable instructions, when executed by the processor, cause the information processing device to perform: acquiring the private key from the non-volatile storage; acquiring a certificate from a specific external device via the communication interface, the certificate including a public key corresponding to the private key, and the specific external device being different from the information processing device; converting specific data using the private key to generate converted specific data, the converting including one of encrypting the specific data and decrypting the specific data encrypted using the public key; and outputting the certificate.
Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. An information processing device comprising: a non-volatile storage configured to store a plurality of private keys including a first private key and a second private key and a plurality of sets of correspondence information including first correspondence information and second correspondence information, the first correspondence information associating first user identification information, first private-key identification information, and first certificate identification information with each other, the second correspondence information associating second user identification information, second private-key identification information, and second certificate identification information with each other, the first private key being stored in association with the first private-key identification information, the second private key being stored in association with the second private-key identification information; an input interface; a communication interface; a processor comprising hardware; and a memory storing computer-readable instructions therein, the computer-readable instructions, when executed by the processor, causing the information processing device to perform: receiving an input designating user identification information via the input interface; in response to receiving the input designating the first user identification information, identifying the first private-key identification information and the first certificate identification information using the first correspondence information corresponding to the first user identification information; in response to identifying the first private-key identification information, acquiring the first private key corresponding to the first private-key identification information from the non volatile storage as a private key; in response to identifying the first certificate identification information, acquiring a first certificate identified by the first certification identification information from a specific external device via the communication interface as a certificate, the first certificate including a first public key corresponding to the first private key as a public key, the specific external device being different from the information processing device; in response to receiving the input designating the second user identification information, identifying the second private-key identification information and the second certificate identification information using the second correspondence information corresponding to the second user identification information; in response to identifying the second private-key identification information, acquiring the second private key corresponding to the second private-key identification information from the non-volatile storage as the private key; in response to identifying the second certificate identification information, acquiring a second certificate identified by the second certificate identification information from the specific external device via the communication interface as the certificate, the second certificate including a second public key corresponding to the second private key as the public key; converting specific data using the acquired private key to generate converted specific data, the converting including one of encrypting the specific data and decrypting the specific data encrypted using the public key included in the acquired certificate; and outputting the acquired certificate.
2. The information processing device according to claim 1 , wherein the outputting further outputs the converted specific data after encrypting the specific data.
This invention relates to an information processing device designed to enhance data security during transmission. The device converts specific data into a different format before outputting it, ensuring compatibility with external systems or secure transmission protocols. The conversion process may involve encoding, compression, or other transformations to prepare the data for further processing or secure transfer. In addition to conversion, the device encrypts the specific data before outputting it, adding an extra layer of security to prevent unauthorized access during transmission. The encryption ensures that even if the data is intercepted, it remains protected and unreadable without proper decryption keys. This dual-layer approach—conversion followed by encryption—improves data integrity and confidentiality, making it particularly useful in systems where sensitive information is exchanged over potentially insecure networks. The device may be integrated into various applications, such as secure communication systems, data storage solutions, or cloud computing environments, where protecting data during transfer is critical. By combining conversion and encryption, the invention provides a robust method for safeguarding data while maintaining compatibility with different systems and protocols.
3. The information processing device according to claim 1 , wherein the computer-readable instructions, when executed by the processor, cause the information processing device to further perform: acquiring data to be signed; and generating the specific data according to the data to be signed, wherein the encrypting encrypts the specific data using the private key to generate signature data as the converted specific data, and wherein the outputting outputs signed data including the data to be signed, the signature data, and the acquired certificate.
This invention relates to secure data signing and verification in information processing systems. The problem addressed is ensuring the integrity and authenticity of digital data through cryptographic signing while efficiently managing associated certificates. The system includes a processor executing instructions to acquire data to be signed, generate specific data from this input, and encrypt the specific data using a private key to produce signature data. The signed data output includes the original data, the signature data, and an acquired certificate. The certificate likely contains the public key corresponding to the private key used for signing, enabling verification of the signature's authenticity. The system may also handle certificate validation, ensuring the certificate is trusted and unexpired. This approach streamlines digital signing processes by integrating certificate management, reducing the need for separate verification steps. The invention is particularly useful in applications requiring secure document signing, transaction authentication, or data integrity verification, such as financial systems, legal document processing, or blockchain transactions. The method ensures that signed data remains tamper-evident and verifiable by authorized parties.
4. The information processing device according to claim 3 , wherein the outputting transmits the signed data to the specific external device via the communication interface.
The invention relates to an information processing device designed to enhance secure data transmission. The device includes a communication interface for exchanging data with external devices and a processing unit configured to generate signed data by applying a digital signature to input data. The digital signature ensures data integrity and authenticity during transmission. The processing unit also verifies the digital signature of received data to confirm its validity. The device is further configured to transmit the signed data to a specific external device via the communication interface, ensuring secure and authenticated communication. This system addresses the problem of unauthorized data tampering and ensures that only verified data is exchanged between devices, improving security in data transmission protocols. The invention is particularly useful in environments where data integrity and authentication are critical, such as financial transactions, secure messaging, or industrial control systems. The device's ability to both sign and verify data ensures bidirectional security, preventing unauthorized modifications during transmission.
5. The information processing device according to claim 1 , wherein the first certificate identification information is a first filename given to the first certificate, and the second certificate identification information is a second filename given to the second certificate.
This invention relates to information processing devices that manage digital certificates, specifically addressing the challenge of securely and efficiently identifying and handling multiple certificates. The device includes a storage unit that holds a first certificate and a second certificate, each associated with unique identification information. The first certificate is linked to a first filename, while the second certificate is linked to a second filename. These filenames serve as identifiers, allowing the device to distinguish between the certificates during storage, retrieval, and processing. The system ensures that each certificate is correctly referenced by its respective filename, preventing misidentification and ensuring proper certificate management. This approach simplifies certificate handling by using filenames as clear, human-readable identifiers, reducing errors in certificate selection and improving system reliability. The invention is particularly useful in environments where multiple certificates must be managed securely, such as in authentication systems or secure communication protocols. By leveraging filenames as identifiers, the device enhances usability and reduces the complexity of certificate management tasks.
6. The information processing device according to claim 1 , wherein the computer-readable instructions, when executed by the processor, cause the information processing device to further perform determining whether the acquired certificate is an authentic certificate corresponding to the specific acquired private key, and wherein the outputting outputs the acquired certificate in response to determining that the acquired certificate is the authentic certificate.
This invention relates to information processing devices that handle cryptographic certificates and private keys. The problem addressed is ensuring the authenticity of a certificate before it is used or output, preventing security risks from invalid or tampered certificates. The device includes a processor and memory storing computer-readable instructions. When executed, these instructions cause the device to acquire a certificate and a specific private key. The device then determines whether the acquired certificate is authentic by verifying its correspondence to the private key. If the certificate is confirmed as authentic, it is output for use. This verification step ensures that only valid certificates, properly linked to their associated private keys, are processed or shared, enhancing security in cryptographic operations. The device may also include additional features such as acquiring the certificate and private key from a storage medium or network, and performing cryptographic operations like encryption or decryption using the verified certificate. The authentication process may involve checking digital signatures, certificate chains, or other cryptographic proofs to confirm the certificate's validity. This invention is particularly useful in secure communication systems, digital signature applications, and access control mechanisms where certificate authenticity is critical.
7. The information processing device according to claim 6 , wherein the determining comprises: performing a first determination using a first determination method for determining whether the acquired certificate is an authentic certificate; in response to determining that the acquired certificate is the authentic certificate in the first determination, performing a second determination using a second determination method for determining whether the acquired certificate is an authentic certificate, the second determination method requiring a higher processing load than the first determination method; and wherein in response to determining that the acquired certificate is not the authentic certificate in the first determination, the second determination is not performed.
This invention relates to information processing devices that verify digital certificates to ensure authenticity. The problem addressed is the computational overhead of certificate validation, which can slow down systems requiring frequent checks. The solution involves a two-stage verification process to balance security and efficiency. The device first performs a lightweight initial check using a first determination method to quickly assess whether a certificate is authentic. If the initial check passes, a more rigorous second determination method is applied, which requires higher processing resources. If the initial check fails, the second method is skipped, saving computational effort. This approach reduces unnecessary processing while maintaining security by only applying resource-intensive checks when necessary. The first determination method is designed to be fast but may have a higher false-positive rate, while the second method is more accurate but computationally expensive. This two-tiered approach optimizes performance in systems where certificate validation is frequent, such as in secure communications or authentication processes.
8. The information processing device according to claim 7 , wherein the public key includes a plurality of information items, and the private key includes at least part of the plurality of information items included in the public key corresponding to the private key as shared information, and wherein in the first determination, a determination is made to determine whether the shared information, which is included in the private key acquired from the non-volatile storage, matches the at least part of the plurality of information items of the public key, which is included in the acquired certificate.
This invention relates to cryptographic key management in information processing devices, specifically addressing the challenge of securely verifying the authenticity of public keys using corresponding private keys stored in non-volatile memory. The system involves an information processing device that performs a verification process to ensure the integrity and authenticity of cryptographic operations. The device acquires a certificate containing a public key and a private key from a non-volatile storage. The public key consists of multiple information items, while the private key includes at least a subset of these items as shared information. During verification, the device checks whether the shared information in the private key matches the corresponding subset of information items in the public key from the certificate. This ensures that the private key is valid and properly associated with the public key, preventing unauthorized or tampered key usage. The verification process enhances security by confirming that the private key has not been altered and that it correctly corresponds to the public key in the certificate. This method is particularly useful in secure systems where cryptographic operations must be authenticated to prevent fraud or unauthorized access.
9. The information processing device according to claim 1 , further comprising: a temporary storage configured to temporarily store the acquired certificate even if the acquired certificate is outputted, wherein the computer-readable instructions, when executed by the processor, cause the information processing device to further perform determining whether the certificate including the public key corresponding to the private key remains stored in the temporary storage, and wherein the certificate is acquired not from the specific external device but from the temporary storage in a case where the certificate corresponding to the private key acquired again remains stored in the temporary storage in a state where the private key is acquired again after the certificate is outputted.
This invention relates to information processing devices that manage cryptographic certificates and private keys, addressing the inefficiency of repeatedly acquiring the same certificate from an external device. The system includes a temporary storage that retains acquired certificates even after they are outputted. When a private key is reacquired, the device checks if a corresponding certificate remains in temporary storage. If found, the certificate is retrieved from storage rather than reacquiring it from an external source, improving efficiency. The device also includes a processor executing instructions to acquire a private key from a specific external device, output the private key, and acquire a certificate associated with the private key. The certificate includes a public key corresponding to the private key. The temporary storage ensures that once a certificate is acquired, it can be reused if the private key is reacquired, reducing redundant external requests. This approach optimizes performance by minimizing repeated certificate acquisitions, particularly in scenarios where the same private key and certificate pair are frequently accessed. The system enhances security and efficiency in cryptographic operations by leveraging cached certificates.
10. A non-transitory computer readable storage medium storing a set of program instructions installed on and executed by a processor for controlling an information processing device including: a non-volatile storage configured to store a plurality of private keys including a first private key and a second private key and a plurality of sets of correspondence information including first correspondence information and second correspondence information, the first correspondence information associating first user identification information, first private-key identification information, and first certificate identification information with each other, the second correspondence information associating second user identification information, second private-key identification information, and second certificate identification information with each other, the first private key being stored in association with the first private-key identification information, the second private key being stored in association with the second private-key identification information; an input interface; a communication interface; and the processor, the set of program instructions which, when executed by the processor, cause the processor to perform a method comprising: receiving an input designating user identification information via the input interface; in response to receiving the input designating the first user identification information, identifying the first private-key identification information and the first certificate identification information using the first correspondence information corresponding to the first user identification information; in response to identifying the first private-key identification information, acquiring the first private key corresponding to the first private-key identification information from the non-volatile storage as a private key; in response to identifying the first private-key identification information, acquiring a first certificate identified by the first certificate identification information from a specific external device via the communication interface as a certificate, the first certificate including a first public key corresponding to the first private key as a public key, the specific external device being different from the information processing device; in response to receiving the input designating the second user identification information, identifying the second private-key identification information and the second certificate identification information using the second correspondence information corresponding to the second user identification information; in response to identifying the second private-key identification information, acquiring the second private key corresponding to the second private-key identification information from the non-volatile storage as the private key; in response to identifying the second certificate identification information, acquiring a second certificate identified by the second certificate identification information from the specific external device via the communication interface as the certificate, the second certificate including a second public key corresponding to the second private key as the public key; converting specific data using the acquired private key to generate converted specific data, the converting including one of encrypting the specific data and decrypting the specific data encrypted using the public key included in the acquired certificate; and outputting the acquired certificate.
This invention relates to a system for managing and using multiple private keys and certificates in an information processing device. The system addresses the challenge of securely handling multiple user identities, each associated with distinct cryptographic keys and certificates, while ensuring proper key-certificate pairing and efficient retrieval. The device includes non-volatile storage for storing multiple private keys and sets of correspondence information. Each set links user identification information, private-key identification information, and certificate identification information. When a user selects a specific identity via an input interface, the system retrieves the corresponding private key from local storage and the associated certificate from an external device. The certificate contains a public key matching the private key. The system then uses the private key to encrypt or decrypt data and outputs the retrieved certificate. This approach ensures secure cryptographic operations while maintaining separation between different user identities and their associated keys. The external device provides centralized certificate management, reducing storage requirements on the local device and ensuring up-to-date certificates are used. The system supports multiple users or roles on a single device, with each identity having its own cryptographic materials.
11. The non-transitory computer readable storage medium according to claim 10 , wherein the outputting further outputs the converted specific data after encrypting the specific data.
A system and method for secure data processing involves converting specific data from a first format to a second format and then encrypting the converted data before outputting it. The data conversion process ensures compatibility or transformation between different data structures, protocols, or representations, while encryption enhances security by protecting the data from unauthorized access during transmission or storage. The system may include a data conversion module that performs the transformation and an encryption module that applies cryptographic techniques to the converted data. The encryption process may use symmetric or asymmetric encryption algorithms, ensuring that only authorized recipients with the appropriate decryption keys can access the original data. This approach is particularly useful in environments where data must be securely transmitted or stored after being converted, such as in cloud computing, data migration, or interoperability systems. The encryption step adds an additional layer of security, preventing exposure of sensitive information during the conversion process. The system may also include validation mechanisms to verify the integrity and authenticity of the converted and encrypted data, ensuring that no tampering has occurred. This method is applicable in various industries, including finance, healthcare, and enterprise IT, where data security and format compatibility are critical.
12. The non-transitory computer readable storage medium according to claim 10 , wherein the set of program instructions further comprises: acquiring data to be signed; and generating the specific data according to the data to be signed, wherein the encrypting encrypts the specific data using the private key to generate signature data as the converted specific data, and wherein the outputting outputs signed data including the data to be signed, the signature data, and the acquired certificate.
This invention relates to digital signature generation and verification in cryptographic systems. The problem addressed is ensuring secure and verifiable digital signatures while efficiently managing cryptographic operations. The system involves a non-transitory computer-readable storage medium storing program instructions for generating and verifying digital signatures. The instructions include acquiring data to be signed, generating specific data from this input, and encrypting the specific data using a private key to produce signature data. The signed data output includes the original data, the signature data, and an acquired certificate for verification. The certificate likely contains a public key corresponding to the private key used for signing. The system ensures data integrity and authenticity by binding the signature to the original data and providing a verifiable certificate. The process may involve additional steps such as key management, certificate validation, or error handling, though these are not explicitly detailed. The invention focuses on the cryptographic transformation of data into a signed format that can be later verified using the corresponding public key and certificate. This approach is useful in secure communications, document authentication, and blockchain applications where tamper-proof signatures are required.
13. The non-transitory computer readable storage medium according to claim 12 , wherein the outputting transmits the signed data to the specific external device via the communication interface.
This invention relates to secure data transmission in computer systems, specifically addressing the need for authenticated and tamper-proof data exchange between devices. The system involves a non-transitory computer-readable storage medium storing instructions that, when executed, perform a method for securely transmitting data. The method includes generating a digital signature for data using a private key, where the signature is verifiable by a corresponding public key. The signed data is then transmitted to a specific external device via a communication interface, ensuring data integrity and authenticity during transmission. The system may also include generating a cryptographic key pair, where the private key is used for signing and the public key is shared with the external device for verification. The communication interface facilitates the transfer of the signed data to the designated recipient, preventing unauthorized modifications or impersonation during transit. This approach enhances security in applications requiring trusted data exchange, such as financial transactions, secure communications, or authentication systems. The invention ensures that only the intended recipient can verify the data's origin and integrity, mitigating risks of interception or tampering.
14. The non-transitory computer readable storage medium according to claim 10 , wherein the first certificate identification information is a first filename given to the first certificate, and the second certificate identification information is a second filename given to the second certificate.
This invention relates to digital certificate management in computer systems, specifically addressing the challenge of securely and efficiently identifying and validating certificates during authentication processes. The system involves storing certificates in a computer-readable storage medium, where each certificate is assigned unique identification information to facilitate retrieval and verification. The invention ensures that certificates can be reliably distinguished and accessed, particularly in scenarios where multiple certificates may be involved in a single authentication workflow. The system includes a method for managing certificates by associating each certificate with distinct identification information, such as filenames. For example, a first certificate is assigned a first filename, and a second certificate is assigned a second filename. These filenames serve as unique identifiers, allowing the system to quickly locate and verify the certificates during operations like authentication or key exchange. The method ensures that the certificates can be securely stored and retrieved without ambiguity, reducing the risk of errors or security vulnerabilities. The invention also includes mechanisms for validating the certificates based on their identification information, ensuring that only authorized and valid certificates are used in cryptographic operations. This approach enhances security by preventing the use of expired, revoked, or improperly issued certificates. The system is designed to work with various types of certificates, including those used in public key infrastructure (PKI) environments, and can be integrated into existing security frameworks. The use of filenames as identifiers simplifies certificate management while maintaining high levels of
15. The non-transitory computer readable storage medium according to claim 10 , wherein the set of program instructions further comprises determining whether the acquired certificate is an authentic certificate corresponding to the acquired private key, and wherein the outputting outputs the acquired certificate in response to determining that the acquired certificate is the authentic certificate.
This invention relates to digital certificate validation in cryptographic systems. The problem addressed is ensuring that a digital certificate is authentic and correctly corresponds to a private key, which is critical for secure communications and authentication. The invention provides a method for validating a certificate by comparing it to a private key to confirm authenticity before use. The system acquires a digital certificate and a private key from a storage medium. It then determines whether the acquired certificate is authentic by verifying that it correctly corresponds to the private key. If the certificate is authentic, it is output for use in cryptographic operations. This validation step prevents the use of fraudulent or mismatched certificates, enhancing security in digital transactions and communications. The process ensures that only valid certificates are utilized, reducing the risk of unauthorized access or tampering. The invention is particularly useful in environments where secure authentication and data integrity are paramount, such as financial transactions, secure communications, and access control systems.
16. A method for controlling an information processing device including: a non-volatile storage configured to store a plurality of private keys including a first private key and a second private key and a plurality of sets of correspondence information including first correspondence information and second correspondence information, the first correspondence information associating first user identification information, first private-key identification information, and first certificate identification information with each other, the second correspondence information associating second user identification information, second private-key identification information, and second certificate identification information with each other, the first private key being stored in association with the first private-key identification information, the second private key being stored in association with the second private-key identification information; an input interface; and a communication interface, the method comprising: receiving an input designating user identification information via the input interface; in response to receiving the input designating the first user identification information, identifying the first private-key identification information and the first certificate identification information using the first correspondence information corresponding to the first user identification information; in response to identifying the first private-key identification information, acquiring the first private key corresponding to the first private-key identification information from the non-volatile storage as a private key; in response to identifying the first certificate identification information, acquiring a first certificate identified by the first certificate identification information from a specific external device via the communication interface as a certificate, the first certificate including a first public key corresponding to the first private key as a public key, the specific external device being different from the information processing device; in response to receiving the input designating the second user identification information, identifying the second private-key identification information and the second certificate identification information using the second correspondence information corresponding to the second user identification information; in response to identifying the second private-key identification information, acquiring the second private key corresponding to the second private-key identification information from the non-volatile storage as the private key; in response to identifying the second certificate identification information, acquiring a second certificate identified by the second certificate identification information from the specific external device via the communication interface as the certificate, the second certificate including a second public key corresponding to the second private key as the public key; converting specific data using the acquired private key to generate converted specific data, the converting including one of encrypting the specific data and decrypting the specific data encrypted using the public key included in the acquired certificate; and outputting the acquired certificate.
This invention relates to secure information processing, specifically managing multiple private keys and certificates for different users on a single device. The problem addressed is the need to securely associate and retrieve private keys and corresponding certificates for different users without compromising security or usability. The system includes a non-volatile storage that holds multiple private keys and sets of correspondence information. Each set links user identification information with private-key identification information and certificate identification information. When a user is selected via an input interface, the system retrieves the corresponding private key from local storage and the associated certificate from an external device. The certificate contains a public key matching the private key. The system then uses the private key to encrypt or decrypt data and outputs the certificate. This approach ensures that each user's private key and certificate are properly linked and securely accessed, enabling secure data processing for multiple users on a single device. The external certificate storage enhances security by preventing unauthorized access to certificates while maintaining efficient retrieval.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
March 27, 2018
March 22, 2022
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.